| s3_pkt.c (89837) | s3_pkt.c (100928) |
|---|---|
| 1/* ssl/s3_pkt.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 42 unchanged lines hidden (view full) --- 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58/* ==================================================================== | 1/* ssl/s3_pkt.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 42 unchanged lines hidden (view full) --- 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58/* ==================================================================== |
| 59 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | 59 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. |
| 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * --- 44 unchanged lines hidden (view full) --- 112#include <stdio.h> 113#include <errno.h> 114#define USE_SOCKETS 115#include <openssl/evp.h> 116#include <openssl/buffer.h> 117#include "ssl_locl.h" 118 119static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | 60 * 61 * Redistribution and use in source and binary forms, with or without 62 * modification, are permitted provided that the following conditions 63 * are met: 64 * 65 * 1. Redistributions of source code must retain the above copyright 66 * notice, this list of conditions and the following disclaimer. 67 * --- 44 unchanged lines hidden (view full) --- 112#include <stdio.h> 113#include <errno.h> 114#define USE_SOCKETS 115#include <openssl/evp.h> 116#include <openssl/buffer.h> 117#include "ssl_locl.h" 118 119static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
| 120 unsigned int len); | 120 unsigned int len, int create_empty_fragment); |
| 121static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, 122 unsigned int len); 123static int ssl3_get_record(SSL *s); 124static int do_compress(SSL *ssl); 125static int do_uncompress(SSL *ssl); 126static int do_change_cipher_spec(SSL *ssl); 127 128/* used only by ssl3_get_record */ --- 28 unchanged lines hidden (view full) --- 157 } 158 159 /* else we need to read more data */ 160 if (!s->read_ahead) 161 max=n; 162 163 { 164 /* avoid buffer overflow */ | 121static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, 122 unsigned int len); 123static int ssl3_get_record(SSL *s); 124static int do_compress(SSL *ssl); 125static int do_uncompress(SSL *ssl); 126static int do_change_cipher_spec(SSL *ssl); 127 128/* used only by ssl3_get_record */ --- 28 unchanged lines hidden (view full) --- 157 } 158 159 /* else we need to read more data */ 160 if (!s->read_ahead) 161 max=n; 162 163 { 164 /* avoid buffer overflow */ |
| 165 int max_max = SSL3_RT_MAX_PACKET_SIZE - s->packet_length; 166 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) 167 max_max += SSL3_RT_MAX_EXTRA; | 165 int max_max = s->s3->rbuf_len - s->packet_length; |
| 168 if (max > max_max) 169 max = max_max; 170 } 171 if (n > max) /* does not happen */ 172 { 173 SSLerr(SSL_F_SSL3_READ_N,SSL_R_INTERNAL_ERROR); 174 return -1; 175 } --- 57 unchanged lines hidden (view full) --- 233 int ssl_major,ssl_minor,al; 234 int enc_err,n,i,ret= -1; 235 SSL3_RECORD *rr; 236 SSL_SESSION *sess; 237 unsigned char *p; 238 unsigned char md[EVP_MAX_MD_SIZE]; 239 short version; 240 unsigned int mac_size; | 166 if (max > max_max) 167 max = max_max; 168 } 169 if (n > max) /* does not happen */ 170 { 171 SSLerr(SSL_F_SSL3_READ_N,SSL_R_INTERNAL_ERROR); 172 return -1; 173 } --- 57 unchanged lines hidden (view full) --- 231 int ssl_major,ssl_minor,al; 232 int enc_err,n,i,ret= -1; 233 SSL3_RECORD *rr; 234 SSL_SESSION *sess; 235 unsigned char *p; 236 unsigned char md[EVP_MAX_MD_SIZE]; 237 short version; 238 unsigned int mac_size; |
| 241 int clear=0,extra; | 239 int clear=0; 240 size_t extra; |
| 242 243 rr= &(s->s3->rrec); 244 sess=s->session; 245 246 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) 247 extra=SSL3_RT_MAX_EXTRA; 248 else 249 extra=0; | 241 242 rr= &(s->s3->rrec); 243 sess=s->session; 244 245 if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) 246 extra=SSL3_RT_MAX_EXTRA; 247 else 248 extra=0; |
| 249 if (extra != s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE) 250 { 251 /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER 252 * set after ssl3_setup_buffers() was done */ 253 SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_INTERNAL_ERROR); 254 return -1; 255 } |
|
| 250 251again: 252 /* check if we have the header */ 253 if ( (s->rstate != SSL_ST_READ_BODY) || 254 (s->packet_length < SSL3_RT_HEADER_LENGTH)) 255 { | 256 257again: 258 /* check if we have the header */ 259 if ( (s->rstate != SSL_ST_READ_BODY) || 260 (s->packet_length < SSL3_RT_HEADER_LENGTH)) 261 { |
| 256 n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH, 257 SSL3_RT_MAX_PACKET_SIZE,0); | 262 n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf_len, 0); |
| 258 if (n <= 0) return(n); /* error or non-blocking */ 259 s->rstate=SSL_ST_READ_BODY; 260 261 p=s->packet; 262 263 /* Pull apart the header into the SSL3_RECORD */ 264 rr->type= *(p++); 265 ssl_major= *(p++); --- 20 unchanged lines hidden (view full) --- 286 } 287 288 if ((version>>8) != SSL3_VERSION_MAJOR) 289 { 290 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); 291 goto err; 292 } 293 | 263 if (n <= 0) return(n); /* error or non-blocking */ 264 s->rstate=SSL_ST_READ_BODY; 265 266 p=s->packet; 267 268 /* Pull apart the header into the SSL3_RECORD */ 269 rr->type= *(p++); 270 ssl_major= *(p++); --- 20 unchanged lines hidden (view full) --- 291 } 292 293 if ((version>>8) != SSL3_VERSION_MAJOR) 294 { 295 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); 296 goto err; 297 } 298 |
| 294 if (rr->length > 295 (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) | 299 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) |
| 296 { 297 al=SSL_AD_RECORD_OVERFLOW; 298 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); 299 goto f_err; 300 } 301 302 /* now s->rstate == SSL_ST_READ_BODY */ 303 } 304 305 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ 306 | 300 { 301 al=SSL_AD_RECORD_OVERFLOW; 302 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); 303 goto f_err; 304 } 305 306 /* now s->rstate == SSL_ST_READ_BODY */ 307 } 308 309 /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ 310 |
| 307 if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH)) | 311 if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH) |
| 308 { 309 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ 310 i=rr->length; 311 n=ssl3_read_n(s,i,i,1); 312 if (n <= 0) return(n); /* error or non-blocking io */ 313 /* now n == rr->length, 314 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ 315 } --- 11 unchanged lines hidden (view full) --- 327 * the decryption or by the decompression 328 * When the data is 'copied' into the rr->data buffer, 329 * rr->input will be pointed at the new buffer */ 330 331 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] 332 * rr->length bytes of encrypted compressed stuff. */ 333 334 /* check is not needed I believe */ | 312 { 313 /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ 314 i=rr->length; 315 n=ssl3_read_n(s,i,i,1); 316 if (n <= 0) return(n); /* error or non-blocking io */ 317 /* now n == rr->length, 318 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ 319 } --- 11 unchanged lines hidden (view full) --- 331 * the decryption or by the decompression 332 * When the data is 'copied' into the rr->data buffer, 333 * rr->input will be pointed at the new buffer */ 334 335 /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] 336 * rr->length bytes of encrypted compressed stuff. */ 337 338 /* check is not needed I believe */ |
| 335 if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) | 339 if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) |
| 336 { 337 al=SSL_AD_RECORD_OVERFLOW; 338 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); 339 goto f_err; 340 } 341 342 /* decrypt in place in 'rr->input' */ 343 rr->data=rr->input; --- 52 unchanged lines hidden (view full) --- 396 { 397 goto decryption_failed_or_bad_record_mac; 398 } 399 } 400 401 /* r->length is now just compressed */ 402 if (s->expand != NULL) 403 { | 340 { 341 al=SSL_AD_RECORD_OVERFLOW; 342 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); 343 goto f_err; 344 } 345 346 /* decrypt in place in 'rr->input' */ 347 rr->data=rr->input; --- 52 unchanged lines hidden (view full) --- 400 { 401 goto decryption_failed_or_bad_record_mac; 402 } 403 } 404 405 /* r->length is now just compressed */ 406 if (s->expand != NULL) 407 { |
| 404 if (rr->length > 405 (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra) | 408 if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) |
| 406 { 407 al=SSL_AD_RECORD_OVERFLOW; 408 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); 409 goto f_err; 410 } 411 if (!do_uncompress(s)) 412 { 413 al=SSL_AD_DECOMPRESSION_FAILURE; 414 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); 415 goto f_err; 416 } 417 } 418 | 409 { 410 al=SSL_AD_RECORD_OVERFLOW; 411 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); 412 goto f_err; 413 } 414 if (!do_uncompress(s)) 415 { 416 al=SSL_AD_DECOMPRESSION_FAILURE; 417 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); 418 goto f_err; 419 } 420 } 421 |
| 419 if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra) | 422 if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) |
| 420 { 421 al=SSL_AD_RECORD_OVERFLOW; 422 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); 423 goto f_err; 424 } 425 426 rr->off=0; 427 /* So at this point the following is true --- 76 unchanged lines hidden (view full) --- 504 505 if (SSL_in_init(s) && !s->in_handshake) 506 { 507 i=s->handshake_func(s); 508 if (i < 0) return(i); 509 if (i == 0) 510 { 511 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | 423 { 424 al=SSL_AD_RECORD_OVERFLOW; 425 SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); 426 goto f_err; 427 } 428 429 rr->off=0; 430 /* So at this point the following is true --- 76 unchanged lines hidden (view full) --- 507 508 if (SSL_in_init(s) && !s->in_handshake) 509 { 510 i=s->handshake_func(s); 511 if (i < 0) return(i); 512 if (i == 0) 513 { 514 SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); |
| 512 return(-1); | 515 return -1; |
| 513 } 514 } 515 516 n=(len-tot); 517 for (;;) 518 { 519 if (n > SSL3_RT_MAX_PLAIN_LENGTH) 520 nw=SSL3_RT_MAX_PLAIN_LENGTH; 521 else 522 nw=n; 523 | 516 } 517 } 518 519 n=(len-tot); 520 for (;;) 521 { 522 if (n > SSL3_RT_MAX_PLAIN_LENGTH) 523 nw=SSL3_RT_MAX_PLAIN_LENGTH; 524 else 525 nw=n; 526 |
| 524 i=do_ssl3_write(s,type,&(buf[tot]),nw); | 527 i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); |
| 525 if (i <= 0) 526 { 527 s->s3->wnum=tot; | 528 if (i <= 0) 529 { 530 s->s3->wnum=tot; |
| 528 return(i); | 531 return i; |
| 529 } 530 531 if ((i == (int)n) || 532 (type == SSL3_RT_APPLICATION_DATA && 533 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) 534 { | 532 } 533 534 if ((i == (int)n) || 535 (type == SSL3_RT_APPLICATION_DATA && 536 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) 537 { |
| 535 return(tot+i); | 538 /* next chunk of data should get another prepended empty fragment 539 * in ciphersuites with known-IV weakness: */ 540 s->s3->empty_fragment_done = 0; 541 542 return tot+i; |
| 536 } 537 538 n-=i; 539 tot+=i; 540 } 541 } 542 543static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, | 543 } 544 545 n-=i; 546 tot+=i; 547 } 548 } 549 550static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
| 544 unsigned int len) | 551 unsigned int len, int create_empty_fragment) |
| 545 { 546 unsigned char *p,*plen; 547 int i,mac_size,clear=0; | 552 { 553 unsigned char *p,*plen; 554 int i,mac_size,clear=0; |
| 555 int prefix_len = 0; |
|
| 548 SSL3_RECORD *wr; 549 SSL3_BUFFER *wb; 550 SSL_SESSION *sess; 551 | 556 SSL3_RECORD *wr; 557 SSL3_BUFFER *wb; 558 SSL_SESSION *sess; 559 |
| 552 /* first check is there is a SSL3_RECORD still being written | 560 /* first check if there is a SSL3_BUFFER still being written |
| 553 * out. This will happen with non blocking IO */ 554 if (s->s3->wbuf.left != 0) 555 return(ssl3_write_pending(s,type,buf,len)); 556 557 /* If we have an alert to send, lets send it */ 558 if (s->s3->alert_dispatch) 559 { 560 i=ssl3_dispatch_alert(s); 561 if (i <= 0) 562 return(i); 563 /* if it went, fall through and send more stuff */ 564 } 565 | 561 * out. This will happen with non blocking IO */ 562 if (s->s3->wbuf.left != 0) 563 return(ssl3_write_pending(s,type,buf,len)); 564 565 /* If we have an alert to send, lets send it */ 566 if (s->s3->alert_dispatch) 567 { 568 i=ssl3_dispatch_alert(s); 569 if (i <= 0) 570 return(i); 571 /* if it went, fall through and send more stuff */ 572 } 573 |
| 566 if (len == 0) return(len); | 574 if (len == 0 && !create_empty_fragment) 575 return 0; |
| 567 568 wr= &(s->s3->wrec); 569 wb= &(s->s3->wbuf); 570 sess=s->session; 571 572 if ( (sess == NULL) || 573 (s->enc_write_ctx == NULL) || 574 (s->write_hash == NULL)) 575 clear=1; 576 577 if (clear) 578 mac_size=0; 579 else 580 mac_size=EVP_MD_size(s->write_hash); 581 | 576 577 wr= &(s->s3->wrec); 578 wb= &(s->s3->wbuf); 579 sess=s->session; 580 581 if ( (sess == NULL) || 582 (s->enc_write_ctx == NULL) || 583 (s->write_hash == NULL)) 584 clear=1; 585 586 if (clear) 587 mac_size=0; 588 else 589 mac_size=EVP_MD_size(s->write_hash); 590 |
| 582 p=wb->buf; | 591 /* 'create_empty_fragment' is true only when this function calls itself */ 592 if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) 593 { 594 /* countermeasure against known-IV weakness in CBC ciphersuites 595 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ |
| 583 | 596 |
| 597 if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) 598 { 599 /* recursive function call with 'create_empty_fragment' set; 600 * this prepares and buffers the data for an empty fragment 601 * (these 'prefix_len' bytes are sent out later 602 * together with the actual payload) */ 603 prefix_len = do_ssl3_write(s, type, buf, 0, 1); 604 if (prefix_len <= 0) 605 goto err; 606 607 if (s->s3->wbuf_len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) 608 { 609 /* insufficient space */ 610 SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_INTERNAL_ERROR); 611 goto err; 612 } 613 } 614 615 s->s3->empty_fragment_done = 1; 616 } 617 618 p = wb->buf + prefix_len; 619 |
|
| 584 /* write the header */ | 620 /* write the header */ |
| 621 |
|
| 585 *(p++)=type&0xff; 586 wr->type=type; 587 588 *(p++)=(s->version>>8); 589 *(p++)=s->version&0xff; 590 | 622 *(p++)=type&0xff; 623 wr->type=type; 624 625 *(p++)=(s->version>>8); 626 *(p++)=s->version&0xff; 627 |
| 591 /* record where we are to write out packet length */ | 628 /* field where we are to write out packet length */ |
| 592 plen=p; 593 p+=2; 594 595 /* lets setup the record stuff. */ 596 wr->data=p; 597 wr->length=(int)len; 598 wr->input=(unsigned char *)buf; 599 --- 34 unchanged lines hidden (view full) --- 634 s2n(wr->length,plen); 635 636 /* we should now have 637 * wr->data pointing to the encrypted data, which is 638 * wr->length long */ 639 wr->type=type; /* not needed but helps for debugging */ 640 wr->length+=SSL3_RT_HEADER_LENGTH; 641 | 629 plen=p; 630 p+=2; 631 632 /* lets setup the record stuff. */ 633 wr->data=p; 634 wr->length=(int)len; 635 wr->input=(unsigned char *)buf; 636 --- 34 unchanged lines hidden (view full) --- 671 s2n(wr->length,plen); 672 673 /* we should now have 674 * wr->data pointing to the encrypted data, which is 675 * wr->length long */ 676 wr->type=type; /* not needed but helps for debugging */ 677 wr->length+=SSL3_RT_HEADER_LENGTH; 678 |
| 642 /* Now lets setup wb */ 643 wb->left=wr->length; 644 wb->offset=0; | 679 if (create_empty_fragment) 680 { 681 /* we are in a recursive call; 682 * just return the length, don't write out anything here 683 */ 684 return wr->length; 685 } |
| 645 | 686 |
| 687 /* now let's set up wb */ 688 wb->left = prefix_len + wr->length; 689 wb->offset = 0; 690 691 /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ |
|
| 646 s->s3->wpend_tot=len; 647 s->s3->wpend_buf=buf; 648 s->s3->wpend_type=type; 649 s->s3->wpend_ret=len; 650 651 /* we now just need to write the buffer */ | 692 s->s3->wpend_tot=len; 693 s->s3->wpend_buf=buf; 694 s->s3->wpend_type=type; 695 s->s3->wpend_ret=len; 696 697 /* we now just need to write the buffer */ |
| 652 return(ssl3_write_pending(s,type,buf,len)); | 698 return ssl3_write_pending(s,type,buf,len); |
| 653err: | 699err: |
| 654 return(-1); | 700 return -1; |
| 655 } 656 657/* if s->s3->wbuf.left != 0, we need to call this */ 658static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, 659 unsigned int len) 660 { 661 int i; 662 --- 409 unchanged lines hidden (view full) --- 1072 1073 switch (rr->type) 1074 { 1075 default: 1076#ifndef NO_TLS 1077 /* TLS just ignores unknown message types */ 1078 if (s->version == TLS1_VERSION) 1079 { | 701 } 702 703/* if s->s3->wbuf.left != 0, we need to call this */ 704static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, 705 unsigned int len) 706 { 707 int i; 708 --- 409 unchanged lines hidden (view full) --- 1118 1119 switch (rr->type) 1120 { 1121 default: 1122#ifndef NO_TLS 1123 /* TLS just ignores unknown message types */ 1124 if (s->version == TLS1_VERSION) 1125 { |
| 1126 rr->length = 0; |
|
| 1080 goto start; 1081 } 1082#endif 1083 al=SSL_AD_UNEXPECTED_MESSAGE; 1084 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 1085 goto f_err; 1086 case SSL3_RT_CHANGE_CIPHER_SPEC: 1087 case SSL3_RT_ALERT: --- 20 unchanged lines hidden (view full) --- 1108 (s->state <= SSL3_ST_CR_SRVR_HELLO_A) 1109 ) || ( 1110 (s->state & SSL_ST_ACCEPT) && 1111 (s->state <= SSL3_ST_SW_HELLO_REQ_A) && 1112 (s->state >= SSL3_ST_SR_CLNT_HELLO_A) 1113 ) 1114 )) 1115 { | 1127 goto start; 1128 } 1129#endif 1130 al=SSL_AD_UNEXPECTED_MESSAGE; 1131 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 1132 goto f_err; 1133 case SSL3_RT_CHANGE_CIPHER_SPEC: 1134 case SSL3_RT_ALERT: --- 20 unchanged lines hidden (view full) --- 1155 (s->state <= SSL3_ST_CR_SRVR_HELLO_A) 1156 ) || ( 1157 (s->state & SSL_ST_ACCEPT) && 1158 (s->state <= SSL3_ST_SW_HELLO_REQ_A) && 1159 (s->state >= SSL3_ST_SR_CLNT_HELLO_A) 1160 ) 1161 )) 1162 { |
| 1116 s->s3->in_read_app_data=0; | 1163 s->s3->in_read_app_data=2; |
| 1117 return(-1); 1118 } 1119 else 1120 { 1121 al=SSL_AD_UNEXPECTED_MESSAGE; 1122 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 1123 goto f_err; 1124 } --- 69 unchanged lines hidden (view full) --- 1194 } 1195 1196int ssl3_dispatch_alert(SSL *s) 1197 { 1198 int i,j; 1199 void (*cb)()=NULL; 1200 1201 s->s3->alert_dispatch=0; | 1164 return(-1); 1165 } 1166 else 1167 { 1168 al=SSL_AD_UNEXPECTED_MESSAGE; 1169 SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); 1170 goto f_err; 1171 } --- 69 unchanged lines hidden (view full) --- 1241 } 1242 1243int ssl3_dispatch_alert(SSL *s) 1244 { 1245 int i,j; 1246 void (*cb)()=NULL; 1247 1248 s->s3->alert_dispatch=0; |
| 1202 i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2); | 1249 i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); |
| 1203 if (i <= 0) 1204 { 1205 s->s3->alert_dispatch=1; 1206 } 1207 else 1208 { 1209 /* Alert sent to BIO. If it is important, flush it now. 1210 * If the message does not get sent due to non-blocking IO, --- 17 unchanged lines hidden --- | 1250 if (i <= 0) 1251 { 1252 s->s3->alert_dispatch=1; 1253 } 1254 else 1255 { 1256 /* Alert sent to BIO. If it is important, flush it now. 1257 * If the message does not get sent due to non-blocking IO, --- 17 unchanged lines hidden --- |